Skip to content

Pr/daniel noland/sanitize and clean up #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
daniel-noland wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

Pr/daniel noland/sanitize and clean up #210

daniel-noland wants to merge 11 commits into from

Conversation

@daniel-noland
Copy link
Collaborator

@daniel-noland daniel-noland commented Nov 23, 2025

No description provided.

@daniel-noland
chore: syntax and structure cleanup
e3f828d 
This commit does two things to clean up the formatting of the main
default.nix file.

First, it factors the optimizedBuild function out, mostly for consistency.
This does not actually impact the meaning of the expressions.

Second, it removes a (now) pointless split of the libyang build into a -dynamic,
-static, and a combined build.
The -dynamic build is no longer useful now that our build of FRR is almost
completely static, so this split was just pointless complexity.

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
fixup! chore: syntax and structure cleanup
19a381c
@daniel-noland
fixup! fixup! chore: syntax and structure cleanup
aa5ec75
@daniel-noland
feat: add thread profile
5919f5f 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
feat: add symbolizer for sanitize builds
c9fc89c 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
feat: add thread sanitizer fuzz profile
1dc5dec 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
feat(dpdk): increase max numa nodes
7090648 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
chore(base-image): format
5f9c20c 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
docs: remove obsolete design docs
fd1f9ec 
These are very very out of date.

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
docs(dpdk): remove misleading comments
8e1b9f9 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@daniel-noland
feat: add profile name to build flags
cb21dd1 
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
@github-actions
Copy link
Contributor

github-actions bot commented Nov 23, 2025

Outdated packages (gnu64):
priority nix_package version_local version_nixpkgs version_upstream
13 glibc 2.40-66 2.40-66 2.42
12 gcc 14.3.0 14.3.0 15.2.0;15.2
11 llvm 21.1.2 21.1.2 21.1.6
11 binutils 2.44 2.44 2.45.1
10 pcre2 10.46 10.46 10.47
10 coreutils 9.8 9.8 9.9
7 libxcrypt 4.4.38 4.4.38 4.5.2
6 libcap 2.76 2.76 2.77
5 perl 5.40.0 5.40.0 5.42.0;5.42
4 sqlite 3.50.4 3.50.4 3.51.0
4 kmod 31 31 34.2
4 numactl 2.0.18 2.0.18 2.0.19

@github-actions
Copy link
Contributor

github-actions bot commented Nov 23, 2025

Vulnerable packages (gnu64):

vuln_id url package severity version_local version_nixpkgs version_upstream package_repology sortcol classify
CVE-2025-8225 https://nvd.nist.gov/vuln/detail/CVE-2025-8225 binutils 3.3 2.44 2.44 2.45.1 binutils 2025A0000008225 fix_update_to_version_upstream
CVE-2025-8224 https://nvd.nist.gov/vuln/detail/CVE-2025-8224 binutils 3.3 2.44 2.44 2.45.1 binutils 2025A0000008224 fix_update_to_version_upstream
CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 libxml2 2.5 2.15.1 2.15.1 2.15.1 libxml2 2025A0000006170 err_not_vulnerable_based_on_repology
CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 libxml2 7.5 2.15.1 2.15.1 2.15.1 libxml2 2025A0000006021 err_not_vulnerable_based_on_repology
CVE-2025-5745 https://nvd.nist.gov/vuln/detail/CVE-2025-5745 glibc 5.6 2.40-66 2.40-66 2.42 glibc 2025A0000005745 fix_update_to_version_upstream
CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 glibc 5.6 2.40-66 2.40-66 2.42 glibc 2025A0000005702 fix_update_to_version_upstream
CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 binutils 3.3 2.44 2.44 2.45.1 binutils 2025A0000003198 fix_update_to_version_upstream
CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 binutils 3.1 2.44 2.44 2.45.1 binutils 2025A0000001153 fix_update_to_version_upstream
OSV-2024-698 https://osv.dev/OSV-2024-698 libxml2 2.15.1 2.15.1 2.15.1 libxml2 2024A0000000698 err_not_vulnerable_based_on_repology
CVE-2023-6992 https://nvd.nist.gov/vuln/detail/CVE-2023-6992 zlib 4.0 1.3.1 1.3.1 1.3.1 zlib 2023A0000006992 err_not_vulnerable_based_on_repology
CVE-2023-4039 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 gcc 4.8 14.3.0 14.3.0 15.2.0 gcc 2023A0000004039 fix_not_available
OSV-2021-777 https://osv.dev/OSV-2021-777 libxml2 2.15.1 2.15.1 2.15.1 libxml2 2021A0000000777 err_not_vulnerable_based_on_repology
CVE-2016-2781 https://nvd.nist.gov/vuln/detail/CVE-2016-2781 coreutils 6.5 9.8 9.8 9.9 coreutils 2016A0000002781 fix_not_available

@qmonnet
Copy link
Member

qmonnet commented Nov 24, 2025
edited
Loading

image

Please squash your fixup commits

[EDIT: Ah but it's still a draft PR, sorry]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@daniel-noland @qmonnet